Method for Updating a Network Ciphering Key

Background of Invention 

[0001] 1. Field of the Invention

[0002] The present invention is related to a method for updating a ciphering key used in 
a network, and more particularly, to a method for updating a ciphering key by way of 
a wireless network. 

[0003] 2. Description of the Prior Art

[0004] A network connects together stations in various locations so that digital data is 
quickly transmitted between the stations. In this manner, multiple users can share 
information with each other over the network. With special regard to the development 
of wireless networks over the recent years, because a physical network transmission 
line is not required, the ability to connect a station to a wireless network has brought 
the characteristics of portability and mobility to a user so that the user may access 
network resources at any place and at any time. 

[0005] 

Please refer to Fig.1. Fig.1 is a block diagram of a prior art wireless network
system 10. The network system 10 complies with IEEE 802.11 specifications. The
network system 10 comprises a server S1, a plurality of access points (two
representative access points AP1 and AP2 are shown in Fig.1), and a plurality of
stations (four representative stations STA1, STA2, STA3 and STA4 are indicated in
Fig.1). The stations STA1 to STA4 and access points AP1 and AP2 all provide
functionality for connecting to the wireless network 10. In other words, each of the
stations and access points can send and receive wireless signals so as to transmit
data. All transmitted data complies with a unified network protocol. Each of the access
points AP1 and AP2 is separately connected to the server S1 so that data can be
exchanged between the access point and server S1. Generally, when a station
transmits wireless signals (such as radio waves or infrared radiation) with an access
point, the effective transmission range is limited. An area R1, marked by a dotted line
in Fig.1, is representative of the area within which the access point AP1 and the
stations STA1 and STA2 can effectively exchange wireless signals. Outside the area
R1, the wireless signals transmitted from the access point AP1, station STA1 and
station STA2 cannot be adequately received. Similarly, an area R2 is representative of
the area within which the access point AP2, station STA3 and station STA4 can
effectively exchange wireless signals. In order to expand the effective range of the
stations in the wireless network 10, the server S1 is used to relay signal transmissions
among the access points. For example, because the area R1 does not overlap the
area R2, the station STA1 cannot effectively exchange wireless data with the station
STA4. If the station STA1 wants to exchange data with the station STA4 via wireless
transmissions, the station STA1 will first transmit data to the access point AP1 via a
wireless transmission, and the server S1 will forward the data to the access point AP2.
Finally, the data is wirelessly transmitted to the station STA4. When the station STA4
wants to transmit information to the station STA1, data is transmitted to the station
STA1 through the access point AP2, server S1, and access point AP1. In other words,
within the effective transmission range of the wireless signals, each of the stations in
the wireless network has a corresponding access point, exchanges wireless signals
with that access point, and accesses network resources through the access point. As
mentioned above, one station can exchange data with another station by using the
access point and server to relay the signals. Under this allocation scheme, not only
can the wireless functionality of the stations be retained, but the accessing range of
the wireless network system 10 is further extended.

[0006] 

Although it is convenient to connect to a wireless network, the security of signal
transmissions is a great issue of concern. Unlike wired signals, which are
physically confined by the network transmission line, wireless signals can be received
by any wireless receiver within the effective range. When
confidential data is transmitted over a wireless network, it is easy for a third party to
eavesdrop and hence steal the confidential data. In order to avoid this situation,
wireless signals are encrypted so that a third party cannot read the contents of the
signals, even when the third party has illegally intercepted the encrypted signals. This
assures the security of data transmission over a wireless network. With regard to
Fig.1, assume that the stations STA1 to STA4 are legal stations in the network 10. In
order to ensure that only legal stations can receive wireless signals transmitted in the
network 10, the wireless signals transmitted between the legal stations and access
points in the network 10 are encrypted by way of a predetermined encryption
algorithm and a ciphering key. The legal stations and access points are all provided
the functionality to encrypt/decrypt the wireless signals, and therefore a unified
ciphering key is stored in each of the legal stations and its corresponding access
point. As shown in Fig.1, a ciphering key Ka is stored in the legal stations STA1 and
STA2 and the corresponding access point AP1, and a ciphering key Kb is stored in the
legal stations STA3 and STA4 and the corresponding access point AP2. The wireless
signals transmitted among the stations STA1, STA2 and access point AP1 are encrypted
using the ciphering key Ka so that an illegal third party cannot obtain the contents of
the wireless signals. After the encrypted wireless signals are received, the stations
STA1, STA2 and access point AP1 will decrypt the encrypted wireless signals by using
the ciphering key Ka to correctly obtain the contents of the wireless signals. Similarly,
the access point AP2, and stations STA3 and STA4 encrypt/decrypt the wireless
signals by using the ciphering key Kb so as to assure the content security of their
network transmissions. The ciphering key Kb may be identical to the ciphering key Ka.
With the enciphering/deciphering process, the wireless signals transmitted between
the legal stations in the network 10 are incomprehensible to an illegal third party,
thus achieving the Wired Equivalent Privacy (WEP) of the wireless network. In other
words, each of the stations and the corresponding access points under protection of
WEP encrypts/decrypts the wireless signals by using a common ciphering key so that
an illegal third party cannot read the information carried by the wireless signals.

[0007] 

The network system 10 provides different access services to different stations.
However, to provide access services to, and control the accesses of, the legal stations
under WEP protection is another issue related to access control, which is not covered
by WEP. For example, to prevent the signals transmitted between the legal stations
STA1 and STA4 from being stolen by the station STA3, or to ensure that data in the
server S1 is accessed only by certain stations, is a type of access control. In order to
control access among the legal stations, the server S1 further comprises registration
data, such as an address, identification data, confidential ranking, and so on, which
correspond exclusively to each of the stations. The identification data comprises a
user identification code and a login password. As shown in Fig.1, an address Add1,
user identification code ID1 and login password Pss1 are stored in the server S1, which
correspond to the station STA1. Similarly, addresses Add2-Add4, user identification
codes ID2-ID4 and login passwords Pss2 to Pss4 respectively correspond to the legal
stations STA2 to STA4. The user identification code and login password of each of the
legal stations are different from those for the others. The user of a legal station logs
into the network system 10 by using an associated user identification code and login
password under the protection of WEP. The network system 10 recognizes the identity
of each of the stations, and controls access among the legal stations under the
protection of WEP so as to provide a specific access service to each of the legal
stations. For example, when two of the legal stations exchange data with each other,
the signals transmitted between the two stations will include the address of the other
station. Even if a third station receives this signal, the third station cannot read this
signal because the address is incorrect. As well, the two stations can encrypt their
transmitted signals so that only the two stations can read the signals. In addition,
after the identity of each of the stations is recognized, the server S1 will determine
which network resource can be accessed by a specific station.

[0008] 

In order to achieve the WEP conditions mentioned above, each of the legal stations
must share a unified ciphering key. As shown in Fig.1, a ciphering key Ka is shared by
the stations STA1 and STA2 and the access point AP1. In the prior art, the ciphering
key is manually input to each of the legal stations via an input device, such as a
keyboard, by the station network staff. The ciphering key is required for ensuring
WEP, and the ciphering key is automatically used for encryption/decryption when the
station is operating. In order to prevent the ciphering key from being leaked by users
of the station, it is better to conceal this ciphering key from the users. Therefore, the
ciphering key is manually input by the network staff in the prior art. When one station
is withdrawn from the access service provided by the wireless network and is
no longer a legal station in the wireless network, in order to assure the WEP
compliance of the other legal stations in the wireless network, the ciphering key must
be updated so that the station withdrawn from the access service is precluded from
illegally reading wireless signals transmitted in the wireless network by using a
previously obtained ciphering key. In the prior art, the ciphering key has to be
updated manually, which is inefficient and time-consuming. Obviously, the more legal
stations present, the more time that must be spent on manually inputting a new
ciphering key into each of the stations. Furthermore, the ciphering key may be leaked
by the network staff.

Summary of Invention 

[0009] It is therefore a primary objective of the present invention to provide a method for 
updating a ciphering key via a wireless network. 

[0010] In a preferred embodiment, the present invention provides a method for updating
a ciphering key used in a network system. The network system comprises a server for
storing registration data; an access point connected to the server for transmitting data
received from the server via wireless transmission and receiving data transmitted via
wireless transmission; and a station for transmitting data to the access point via
wireless transmission and receiving data transmitted from the access point via
wireless transmission, the station storing a first ciphering key. The method
comprises: the access point transmitting a first challenge text to the station via
wireless transmission; the station using the first ciphering key stored in the station to
encrypt the first challenge text into a first response text; the station transmitting the
encrypted first response text back to the access point via wireless transmission; the
access point comparing the first response text with a first predetermined text; the
station transmitting identification data to the access point when the first response
text matches the first predetermined text; the access point transmitting the
identification data of the station to the server; and the access point transmitting a
second ciphering key to the station to replace the first ciphering key when the
identification data matches the registration data.

[0011] 

It is an advantage of the present invention that the security confirmation is
repeatedly performed in the updating process so as to assure the ciphering key is not
leaked. Additionally, the updating process is automatically performed among the
server, access points and stations without the need for manual intervention. This not
only makes the updating process more efficient and rapid, but also ensures that the
ciphering key will not be disclosed to the user of the station or to the staff of the
network system so as to increase the overall network security.

[0012] These and other objectives of the present invention will no doubt become obvious
to those of ordinary skill in the art after having read the following detailed description 
of the preferred embodiment, which is illustrated in the various figures and drawings. 

Brief Description of Drawings 

[0013] Fig.1 is a perspective diagram of a prior art wireless network system.

[0014] Fig.2 is a flowchart for illustrating the steps performed when updating a ciphering 
key of a station according to the present invention. 

Detailed Description 

[0015] The present invention is provided to update a ciphering key for a wired equivalent
privacy (WEP) standard by using the wireless network itself. The ciphering key can be
commonly applied to the typical wireless network of Fig.1. The station can be a
personal computer, a notebook computer and so on.

[0016] Please refer to Fig.2. Fig.2 is a flowchart for illustrating the steps performed when
updating a ciphering key of a station according to the present invention. The three
columns in Fig.2, from the left to the right, are respectively representative of the steps
performed by a server, an access point, and a station. In the following, for the sake of
example it is assumed that the ciphering key to be updated is the ciphering key for the
station STA1 of Fig.1 (the corresponding access point is AP1), and further assumed
that a first ciphering key is originally stored in the station STA1, and that the first
ciphering key is to be replaced by a second ciphering key so as to perform the
updating of the wired equivalent privacy (WEP) protocol. Assuming an appropriate
transmission range for wireless signals, the access point and station transmit signals
to each other in a wireless manner.

[0017] The steps performed by the present invention are described as follows.

[0018] Step 100: Begin updating of the ciphering key for the wired equivalent privacy
(WEP) standard.

[0019] Step 110: the access point AP1 sends out a challenge text to station STA1 via
wireless transmission. At this time, the access point AP1 encrypts this challenge text
into a first predetermined text by using the first ciphering key. The access point AP1
does not confirm if the station STA1 is a protection subject of WEP. Before WEP is
established, this challenge text can be transmitted to the station STA1 without being
encrypted.

[0020] Step 120: after the station STA1 receives the challenge text, it will encrypt the
challenge text into a response text by using the first ciphering key, and transmit the
response text to the access point AP1 via wireless transmission.

[0021] Step 130: after the access point AP1 receives the response text, it will compare the
response text transmitted from the station STA1 with the first predetermined text
obtained in step 110, and check if the two match each other. If so, then proceed to
step 140; if not, then go to step 135.

[0022] Step 135: if the response text generated by the station STA1 does not match the
first predetermined text of the access point AP1, then the first ciphering key in the
station STA1 is different from the first ciphering key in the access point AP1, and the
station is thus not a legal station under the protection of WEP. Therefore, no
subsequent steps need to be performed.

[0023] Step 140: if the response text of the station STA1 matches the first predetermined
text of the access point AP1, then the first ciphering key of the station STA1 is
identical to the first ciphering key in the access point AP1, and the access point AP1
transmits wireless signals with the station STA1 under the protection of WEP. From
steps 110, 120, 130 to this step, the station STA1 has been certified as a subject
protected by WEP. By using the first ciphering key, the transmission between the
station STA1 and access point AP1 is under the protection of WEP. In order to
continuously update the first ciphering key, the access point AP1 must send a request
to the station STA1 to recognize the identity of the station STA1.

[0024] Step 150: after the request of the access point AP1 is received, the user of the
station STA1 can send identification data to the access point AP1 via wireless
transmission by using the station STA1. As mentioned previously, the identification
data comprises a user identification code and a login password.

[0025] Step 160: after the access point AP1 receives the identification data transmitted
from the station STA1, the access point AP1 will transmit the identification data to the
server.

[0026] Step 170: after the server receives the identification data transmitted from the
station STA1 via the access point AP1, the server will compare the identification data
with identification data in a registration database stored on the server so as to verify
the identity of the station STA1. If the identification data matches the associated
registration data in the registration database, then proceed to step 180. If the
identification data does not match the registration data, then go to step 175.

[0027] Step 175: if the identification data from the station STA1 does not match the
registration data in the server, then the station STA1 should not be given access to the
network system. The reason for this is that the station STA1 was originally provided
an access service of the wireless network, but this access service was withdrawn by the
wireless network before step 100 was performed. Therefore, the server has removed
the associated registration data from the registration database. Because the first
ciphering key is still stored in the station STA1, the station STA1 can enter into the
wireless network by way of wired equivalent privacy (WEP) to perform the steps up to
this current step 175. The present invention is provided to update the WEP ciphering
key so as to prevent stations like this from obtaining the protection range of WEP from
the network system. Hence, if the station STA1 has been withdrawn from an access
service of the wireless network, there is no need to update the ciphering key of the
station STA1. Therefore, subsequent steps need not be performed.

[0028] Step 180: if the identification data of the station STA1 matches the registration
data in the server, then the station STA1 is a subject of an access service provided by
the wireless network, and the first ciphering key of the station STA1 must be updated
so that the station STA1 can continue to use the access service of the network under
the protection of the updated WEP protocol. At this time, the access point AP1 can
further send out a request to ask the user of the station STA1 if he or she wants to
update the WEP ciphering key.

[0029] Step 190: the station STA1 responds to the request of the access point AP1. If the
response indicates updating of the ciphering key, the response is transmitted to the
access point AP1. If the response indicates no updating of the ciphering key, the
station STA1 will lose the WEP protection range after the ciphering key is updated.

[0030] Step 200: after receiving the response to update the ciphering key from the
station STA1, the access point AP1 transmits a second ciphering key to update the
ciphering key of the station STA1. As previously mentioned, the access service
provided by the network system can designate a corresponding address and transmit
the second ciphering key to the station STA1. In addition, when encrypting the second
ciphering key by way of the first WEP ciphering key, the second WEP ciphering key may
also be encrypted by using data belonging exclusively to the station STA1 (for
example, the login password in the identification data or other registration) so as to
ascertain that in each station under the protection of WEP, only the station STA1 can
correctly decrypt the second ciphering key. At the time of transmitting the second
ciphering key, the related instructions for updating can also be transmitted so as to
control the station STA1 to update the first ciphering key to the second ciphering key.
Simultaneously, the access point AP1 can provide notice to the station STA1 of the
encrypting algorithm used for encrypting the second ciphering key so that the station
STA1 can accurately obtain the second ciphering key.

[0031] Step 210: after the station STA1 obtains the second ciphering key, the first
ciphering key can be replaced with the second ciphering key so that subsequent
protection of the updated WEP protocol can be performed.

[0032] Step 220: in order to verify that the correct second ciphering key has been
provided to and updated in the station STA1, a confirmation process between the
access point AP1 and the station STA1 can be performed. The access point AP1 can
generate a challenge text and transmit it to the station STA1. Under situations in
which the WEP protocol is not confirmed as operational, this challenge text can be
transmitted to the station STA1 without being encrypted. At the same time, the access
point AP1 will encrypt this challenge text into a corresponding second predetermined
text by using the second ciphering key.

[0033] Step 230: the station STA1 encrypts the challenge text transmitted from the
access point AP1 into a response text by using the second ciphering key, and
transmits the response text to the access point AP1.

[0034] Step 240: the access point AP1 checks if the response text of the station STA1
matches the second predetermined text generated in step 220. If so, then the
station STA1 has correctly updated the WEP ciphering key to the second ciphering key,
and WEP can be established between the station STA1 and the access point AP1 by
using the second ciphering key.

[0035] Step 250: the process of updating the ciphering key ends. Through the steps 220,
230, 240 and this step, the access point AP1 has been able to recognize the station
STA1 as a protection subject of the updated WEP protocol. WEP protection can be
applied continuously between the station STA1 and the access point AP1 by using the
second ciphering key. In other words, the wireless signals transmitted between the
access point AP1 and the station STA1 will be encrypted by way of the second
ciphering key.
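
The exchange in steps 100 to 250, as an added Python example that is not part of the original disclosure. HMAC-SHA256 and a SHA-256-derived XOR pad stand in for the encryption algorithm, which the page does not name; the Station class, the update_key function and the sample keys and credentials are assumptions, and the user prompt of steps 180 and 190 is left out.

```python
import hashlib
import hmac
import secrets

# Constructed registration data held by server S1 (user ID -> login password).
REGISTRATION = {"ID1": "Pss1"}


def respond(key: bytes, challenge: bytes) -> bytes:
    """Steps 110-130 and 220-240: keyed transform of a challenge text.
    HMAC-SHA256 is a stand-in; the page does not name the algorithm."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def wrap(old_key: bytes, password: str, nonce: bytes, data: bytes) -> bytes:
    """Step 200: protect data with the first key AND station-exclusive data.
    XOR with a SHA-256-derived pad (stand-in cipher); a second call unwraps.
    Handles data up to 32 bytes, enough for the 16-byte sample keys."""
    pad = hashlib.sha256(old_key + password.encode() + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


class Station:
    """Hypothetical station model: holds the current key and its credentials."""

    def __init__(self, key: bytes, user_id: str, password: str):
        self.key, self.user_id, self.password = key, user_id, password

    def answer(self, challenge: bytes) -> bytes:              # steps 120, 230
        return respond(self.key, challenge)

    def install(self, nonce: bytes, wrapped: bytes) -> None:  # step 210
        self.key = wrap(self.key, self.password, nonce, wrapped)


def update_key(old_key: bytes, new_key: bytes, sta: Station,
               registration=REGISTRATION) -> str:
    """Access point side of steps 100-250; returns the step where it ended."""
    challenge = secrets.token_bytes(16)                       # step 110
    if not hmac.compare_digest(sta.answer(challenge),
                               respond(old_key, challenge)):
        return "step 135: station does not hold the first key"
    # Steps 150-170: identification data is relayed to the server and compared.
    stored = registration.get(sta.user_id)
    if stored is None or not hmac.compare_digest(stored.encode(),
                                                 sta.password.encode()):
        return "step 175: not registered, second key withheld"
    nonce = secrets.token_bytes(16)                           # step 200
    sta.install(nonce, wrap(old_key, stored, nonce, new_key))
    challenge2 = secrets.token_bytes(16)                      # step 220
    if not hmac.compare_digest(sta.answer(challenge2),
                               respond(new_key, challenge2)):
        return "step 240: station failed confirmation"
    return "step 250: updated"


if __name__ == "__main__":
    k1, k2 = secrets.token_bytes(16), secrets.token_bytes(16)
    print(update_key(k1, k2, Station(k1, "ID1", "Pss1")))  # registered station
    print(update_key(k1, k2, Station(k1, "ID9", "Pss9")))  # withdrawn station
```

The withdrawn station still passes the first challenge because it kept the first ciphering key; the registration comparison of step 170 is what keeps the second key from it.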

[0036] According to the described flowchart of the present invention, the present invention
is provided to update the WEP ciphering key via a wireless network system so as to
update the WEP protocol. Because all legal stations in the wireless network system are
within the protection range of WEP, each of the legal stations becomes a protection
subject of the WEP protocol by using a unified ciphering key. In the prior art, when the
WEP ciphering key is updated, each of the legal stations has to be manually reset. This
not only wastes time, which is contrary to the convenience principles of the network,
but also makes leaks of the ciphering keys easy, threatening the overall security of the
wireless network system. Compared to the prior art, the present invention is provided
to update the WEP ciphering key by utilizing the wireless network system. The security
confirmation is repeatedly performed in the updating process so as to assure that the
ciphering key is not leaked. Additionally, the updating process is automatically
performed between the server, access points and stations without the need for manual
intervention. This not only makes the updating process more efficient and quick, but
also ensures that the ciphering key is not disclosed to the user of a station or to the
staff of the network system, thus increasing the overall network security.

[0037] Those skilled in the art will readily observe that numerous modifications and
alterations of the device may be made while retaining the teachings of the invention.
Accordingly, the above disclosure should be construed as limited only by the metes
and bounds of the appended claims.